{ config, pkgs, lib, ... }:
let
  mySQLPackage = pkgs.mysql;
  photoprismPort = 2342;
  mysqlPort = 3336;
in
{

  networking.firewall.interfaces.wg0.allowedTCPPorts = [ photoprismPort ];
  # networking.firewall.interfaces.wg0.allowedUDPPorts = [ photoprismPort ];

  containers.photoprism = {
    privateNetwork = false;
    autoStart = true;

    config = { config, lib, ... }: {
      nixpkgs.pkgs = pkgs;
      imports = [ ../../components/monitor/container.nix ];
      system.stateVersion = "23.11";

      # Photoprism
      # ----------
      services.photoprism = {
        enable = true;
        port = photoprismPort;
        originalsPath = "/var/lib/private/photoprism/originals";
        address = "0.0.0.0";
        settings = {
          PHOTOPRISM_ADMIN_USER = "admin";
          PHOTOPRISM_ADMIN_PASSWORD = "...";
          PHOTOPRISM_DEFAULT_LOCALE = "en";
          PHOTOPRISM_DATABASE_DRIVER = "mysql";
          PHOTOPRISM_DATABASE_NAME = "photoprism";
          PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
          PHOTOPRISM_DATABASE_USER = "photoprism";
          PHOTOPRISM_SITE_URL = "http://photoprism.orbi.private:${toString  photoprismPort}";
          PHOTOPRISM_SITE_TITLE = "PhotoPrism";
        };
      };

      # MySQL Database
      # --------------
      services.mysql = {
        enable = true;
        package = mySQLPackage;
        settings.mysqld.port = mysqlPort;
        ensureDatabases = [ "photoprism" ];
        ensureUsers = [{
          name = "photoprism";
          ensurePermissions = {
            "photoprism.*" = "ALL PRIVILEGES";
          };
        }];
      };

      # Backup Database
      # ---------------
      services.mysqlBackup = {
        enable = true;
        databases = config.services.mysql.ensureDatabases;
        singleTransaction = true;
      };

    };
  };


}